URL/Extension Block

Aug 26th, 2008

I have a Cisco 38xx series with IOS 12.4(2)T6.


I am trying to block specific extensions and specific URLs so that users can't access/download them.


I did the following configuration, but only YouTube is not working; all the rest of the downloading and URLs are working fine.


    class-map match-any p2p
     match protocol fasttrack file-transfer "*"
     match protocol gnutella file-transfer "*"
     match protocol bittorrent
    class-map match-any youtube
     match protocol http url "*youtube*"
     match protocol http host "*youtube.com"
     match protocol http url "*kh.google.com*"
     match protocol http url "*pakiztan.tv*"
     match protocol http url "*pakiztan*"
     match access-group name webblock
     match protocol http url "*.rar*"
     match protocol http url "*.zip*"
     match protocol http url "*.exe*"
     match protocol http url "*www.pakisztan.tv*"
     match protocol http url "*www.pakiztan.tv*"
     match protocol http url "*.flv*"
     match protocol http url "*.avi*"
     match protocol http url "*.mpg*"
     match protocol http url "*.mpeg*"
     match protocol http url "*.mp33*"
     match protocol http url ".exe*"
     match protocol http url ".zip*"
     match protocol http url ".flv*"
     match protocol http url ".mpg*"
    !
    !
    policy-map p2p
     class p2p
      drop
     class youtube
      drop

    ip access-list extended webblock
     deny udp any any eq 554
     deny tcp any any eq 2979
     deny udp any any eq 2979
     deny tcp any any eq 1790
     deny udp any any eq 1790
     deny tcp any any eq 1755
     deny udp any any eq 1755
     deny tcp any any eq 1736
     deny udp any any eq 1736
     deny tcp any any eq 537
     deny udp any any eq 537
     deny tcp any any eq 554

    interface GigabitEthernet0/1
     ip nbar protocol-discovery
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
     media-type rj45
     negotiation auto
     service-policy input p2p



Please tell me how to block the users from downloading, etc.

Marwan ALshawi Tue, 08/26/2008 - 06:56

Your config should be something like:


    parameter-map type regex url1
     pattern [\.yahoo\.com]
    class-map type inspect http urlclass1
     match req-resp header regex url1
    policy-map type inspect http policy1
     class type inspect http urlclass1
      reset


Then apply the policy.


The above is only an example.

You have more flexibility, and I am not 100% sure about the regex pattern above, but it should be like that to some extent.


Have a look at the following link;

search for the regex keyword and see its config:


http://www.cisco.com/application/pdf/paws/98628/zone-design-guide.pdf


Good luck.


Please rate if helpful.
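
As an added illustration (not part of the reply above and not Cisco's code), this Python sketch shows how standard regex bracket semantics treat the posted pattern `[\.yahoo\.com]`: as a one-character class rather than a literal host name. It assumes IOS parameter-map regex handles `[...]` the way Python's `re` does; the literal alternative `\.yahoo\.com`, the sample Host values and the function names are constructed for this example.

```python
import re

POSTED = r"[\.yahoo\.com]"   # pattern exactly as posted in the reply
LITERAL = r"\.yahoo\.com"    # assumed alternative: the same text without brackets

# Constructed sample Host header values, not captured traffic.
SAMPLE_HOSTS = [
    "www.yahoo.com",
    "mail.yahoo.com",
    "www.cisco.com",
    "intranet.example.org",
    "10.1.1.5",
    "localhost",
    "printer1",
]


def bracket_members(pattern):
    """Distinct characters a simple [...] class accepts (no ranges, no negation)."""
    if not (pattern.startswith("[") and pattern.endswith("]")):
        return []
    return sorted(set(pattern[1:-1].replace("\\", "")))


def matched_hosts(pattern, hosts):
    """Hosts in which an unanchored search for the pattern succeeds."""
    rx = re.compile(pattern)
    return [h for h in hosts if rx.search(h)]


def false_positives(pattern, hosts, wanted_suffix):
    """Hosts the pattern would hit although they do not end in wanted_suffix."""
    return [h for h in matched_hosts(pattern, hosts)
            if not h.endswith(wanted_suffix)]


if __name__ == "__main__":
    print("class members:", bracket_members(POSTED))
    for name, pat in (("posted", POSTED), ("literal", LITERAL)):
        print(name, "matches:", matched_hosts(pat, SAMPLE_HOSTS))
        print(name, "false positives:",
              false_positives(pat, SAMPLE_HOSTS, ".yahoo.com"))
```

With the bracketed form, any value containing a dot or one of the letters y, a, h, o, c, m is matched, so a `reset` action tied to it would hit far more than the intended site.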
